Analysis and Design of Clock-glitch Fault Injection within an FPGA

In modern cryptanalysis, an active attacker may induce errors during the computation of a cryptographic algorithm and exploit the faulty results to extract information about the secret key in embedded systems. This kind of attack is called a fault attack. There have been various attack mechanisms with diff erent fault models proposed in the literature. Among them, clock glitch faults support practically dangerous fault attacks on cryptosystems. This thesis presents an FPGA-based practical testbed for characterizing exploitable clock glitch faults and uniformly evaluating cryptographic systems against them. Concentrating on Advanced Encryption Standard (AES), simulation and experimental results illustrates proper features for the clock glitches generated by the implemented on-chip glitch generator. These glitches can be injected reliably with acceptably accurate timing. The produced faults are random but their eff ect domain is finely controllable by the attacker. These features makes clock glitch faults practically suitable for future possible complete fault attacks on AES. This research is important for investigating the viability and analysis of fault injections on various cryptographic functions in future embedded systems

暗号モジュールへの故障利用攻撃に対する安全性評価手法に関する研究

Tohoku University青木孝

Who Watches the Watchers: Attacking Glitch Detection Circuits

Over the last decades, fault injection attacks have been demonstrated to be an effective method for breaking the security of electronic devices. Some types of fault injection attacks, like clock and voltage glitching, require very few resources by the attacker and are practical and simple to execute. A cost-effective countermeasure against these attacks is the use of a detector circuit which detects timing violations - the underlying effect that glitch attacks rely on. In this paper, we take a closer look at three examples of such detectors that have been presented in the literature. We demonstrate four high-speed clock glitching attacks, which successfully inject faults in systems, where detectors have been implemented to protect. The attacks remain unnoticed by the glitch detectors. We verify our attacks with practical experiments on an FPGA

High Speed Clock Glitching

In recent times, hardware security has drawn a lot of interest in the research community. With physical proximity to the target devices, various fault injection hardware attack methods have been proposed and tested to alter their functionality and trigger behavior not intended by the design. There are various types of faults that can be injected depending on the parameters being used and the level at which the device is tampered with. The literature describes various fault models to inject faults in clock of the target but there are no publications on overclocking circuits for fault injection. The proposed method bridges this gap by conducting high-speed clock fault injection on latest high-speed micro-controller units where the target device is overclocked for a short duration in the range of 4-1000 ns. This thesis proposes a method of generating a high-speed clock and driving the target device using the same clock. The properties of the target devices for performing experiments in this research are: Externally accessible clock input line and GPIO line. The proposed method is to develop a high-speed clock using custom bit-stream sent to FPGA and subsequently using external analog circuitry to generate a clock-glitch which can inject fault on the target micro-controller. Communication coupled with glitching allows us to check the target\u27s response, which can result in information disclosure.This is a form of non-invasive and effective hardware attack. The required background, methodology and experimental setup required to implement high-speed clock glitching has been discussed in this thesis. The impact of different overclock frequencies used in clock fault injection is explored. The preliminary results have been discussed and we show that even high-speed micro-controller units should consider countermeasures against clock fault injection. Influencing the execution of Tiva C Launchpad and STM32F4 micro-controller units has been shown in this thesis. The thesis details the method used for the testing a

How Practical are Fault Injection Attacks, Really?

Fault injection attacks (FIA) are a class of active physical attacks, mostly used for malicious purposes such as extraction of cryptographic keys, privilege escalation, attacks on neural network implementations. There are many techniques that can be used to cause the faults in integrated circuits, many of them coming from the area of failure analysis. In this paper we tackle the topic of practicality of FIA. We analyze the most commonly used techniques that can be found in the literature, such as voltage/clock glitching, electromagnetic pulses, lasers, and Rowhammer attacks. To summarize, FIA can be mounted on most commonly used architectures from ARM, Intel, AMD, by utilizing injection devices that are often below the thousand dollar mark. Therefore, we believe these attacks can be considered practical in many scenarios, especially when the attacker can physically access the target device

Assembly Level Clock Glitch Insertion Into An XMega MCU

This thesis proposes clock-glitch fault injection technique to inject glitches into the clock signal running in a microcontroller unit and studying its effects on different assembly level instructions. It focusses mainly on the effect of clock glitches over the execution, sub-execution and pre-execution cycles of the test instructions and also finds the delay between the actual position of glitch insertion and the trigger being set for the glitch insertion. The instructions used in this work are provided by Atmel which classifies them according to their type of operation. These instructions are here further grouped depending on the number of clock cycles they require for their execution. Each group of instructions are tested for their behavior towards clock glitches being injected at different places in and surrounding their execution cycle. This thesis utilizes the ChipWhisperer-Lite board (CW1173) for performing the whole experiment by controlling the target device, providing clock as well as clock glitches with appropriate properties at appropriate position to the target device. The Atmel AVR XMEGA 128D4U is used as the target device (CW303) that uses an external clock of frequency 7.37MHz generated by the main board. The Capture software, provided by the ChipWhisperer, is used for establishing the hardware connection between the main board and the target board. The clock glitches are designed and triggered through the Capture software

Assembly Level Clock Glitch Insertion Into An XMega MCU

This thesis proposes clock-glitch fault injection technique to inject glitches into the clock signal running in a microcontroller unit and studying its effects on different assembly level instructions. It focusses mainly on the effect of clock glitches over the execution, sub-execution and pre-execution cycles of the test instructions and also finds the delay between the actual position of glitch insertion and the trigger being set for the glitch insertion. The instructions used in this work are provided by Atmel which classifies them according to their type of operation. These instructions are here further grouped depending on the number of clock cycles they require for their execution. Each group of instructions are tested for their behavior towards clock glitches being injected at different places in and surrounding their execution cycle. This thesis utilizes the ChipWhisperer-Lite board (CW1173) for performing the whole experiment by controlling the target device, providing clock as well as clock glitches with appropriate properties at appropriate position to the target device. The Atmel AVR XMEGA 128D4U is used as the target device (CW303) that uses an external clock of frequency 7.37MHz generated by the main board. The Capture software, provided by the ChipWhisperer, is used for establishing the hardware connection between the main board and the target board. The clock glitches are designed and triggered through the Capture software

PicoEMP: A Low-Cost EMFI Platform Compared to BBI and Voltage Fault Injection using TDC and External VCC Measurements

Electromagnetic Fault Injection (EMFI) has been demonstrated to be useful for both academic and industrial research. Due to the dangerous voltages involved, most work is done with commercial tools. This paper introduces a safety-focused low-cost and open-source design that can be built for less than \$50 using only off-the-shelf parts. The paper also introduces an iCE40 based Time-to-Digital Converter (TDC), which is used to visualize the glitch inserted by the EMFI tool. This demonstrates the internal voltage perturbations between voltage, body biasing injection (BBI), and EMFI all result in similar waveforms. In addition, a link between an easy-to-measure external voltage measurement and the internal measurement is made. Attacks are also made on a hardware AES engine, and a soft-core RISC-V processor, all running on the same iCE40 FPGA. The platform is used to demonstrate several aspects of fault injection, including that the spatial positioning of the EMFI probe can impact the glitch strength, and that the same physical device may require widely different glitch parameters when running different designs

FPGA-Based Testbed for Fault Injection on SHA-256

In real world applications, cryptographic algorithms are implemented in hardware or software on specific devices. An active attacker may inject faults during the computation process and careful analysis of faulty results can potentially leak secret information. These kinds of attacks known as fault injection attacks may have devastating effects in the field of hardware and embedded cryptography. This research proposes a partial implementation of SHA-256 along with an onboard fault injection circuit implemented on an FPGA. The proposed fault injection circuit is used to generate glitches in the clock to induce a setup time violation in the circuit and thereby produce error(s) in the output. The main objective of this research is to study the viability of fault injection using the clock glitches on the SHA-256